Recently, a feedback image encryption algorithm with compound chaotic stream cipher based on perturbation was proposed. This paper analyzes security of the algorithm and reports that there exist some security defects, i.e., encryption of a pixel is independent on the position scrambling and the encryption round is controlled by the users. Based on them, a chosen-ciphertext attack is proposed to obtain the equivalent version of the secret key of the algorithm with $$n\cdot \lceil \log _{256} MN +2 \rceil $$ n · ⌈ log 256 M N + 2 ⌉ chosen cipher-images, where $$M\times N$$ M × N is the size of the corresponding plain-images and n is the round number of encryption.